
Stealing From Credit Cards Made Easy(ier)

In the old days, thieves using stolen credit cards had to go through the grueling process of purchasing items and then reselling them in order to get money. Now, a couple of hackers have found that new technology may help crooks skip the middleman and deposit money directly from a stolen credit card number into accounts.

Square is a dongle that can turn an iPhone or iPad into a credit card terminal, making it easier for small businesses and traveling sellers to scan a credit card’s magnetic stripe on the go. But Adam Laurie and Zac Franken from Aperture Labs, a computer security firm, were able to trick Square’s software using a method that thieves with stolen credit card numbers could potentially use.


Here’s how they did it according to Popular Science:

The dongle plugs into a headphone jack. Laurie realized this meant the device was converting magnetic information into sound waves that were interpreted by the app.

He realized he could trick the system into falsely reading audio data, so it would enter a transaction using a stolen credit card number.

He inserted a different wire into the iPad’s headphone jack, so the software thought a dongle was plugged in. Then he modified some software he had already written for translating magnetic stripe data (we mentioned he’s a hacker, right?) and then typed in a credit card number. The data was converted to sound, and the app read the information as if a real card had been swiped. Then he could deposit funds into his Square account, which are delivered within a day.

PhysOrg.com reported Laurie as saying:

“You’d have to set up dodgy accounts that don’t trace back to you,” Laurie said. “But, that is standard practice.”

Laurie and Franken said that they shared their findings with Square in February only to be told that it wasn’t seen as a threat and that traffic analysis would expose those kinds of transactions.

The hackers had also heard unconfirmed reports that Square planned to release new dongles that encrypt transaction data.

“Encryption would be a good thing,” Franken said. “The way it is at the moment a cable between two devices and you can inject credit card numbers right into the system,” he continued.

Here’s one more reason to protect your credit card information.

Comments (30)

  • DisgustedWithSociety
    Posted on August 10, 2011 at 9:54am

    Thieves now have the capabilities to steal your credit card information without laying a hand on your wallet or your credit card. It all centers around radio frequency identification technology, or RFID. Wi-Fi is also a way thieves can electronically obtain your information while you are making a purchase and the thieves are out in the parking lot.

    1. Review your credit card statements — verify that the purchases showing are actually yours. Thieves are “feeling out” whether you notice the charges .. by using only a small portion – small amounts .. and when the card is still valid – that’s when they get you

    2. Obtain a copy of your credit report at least once a year — You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See http://www.annualcreditreport.com for details on ordering a free annual credit report

  • HisNameWasRobertPaulson
    Posted on August 10, 2011 at 5:55am

    Hey guys, this story is really bogus. Look, you don’t need to swipe the CC at all. You can just type the number in anyway, and you don’t need to emulate the swipe. What a bunch of tools at VeriFone! They have been trying to kill Square since they came around, and this is nothing new.

    Anyone who thinks this is going to make theft easier is not paying attention. It was easier before this, and this method is actually harder than just typing in the CC info without the special hack. They hacked it for the purpose of attempting to make Square look bad. And by the looks of things, too many of you are falling for it.

    Be smarter than this, guys!

    • Rice Water
      Posted on August 10, 2011 at 8:46am

      “Easy(ier)”?

      That makes no sense. Yet another glowing example of the journalistic prowess of the Blaze writers!

  • Cold War Vet
    Posted on August 10, 2011 at 2:26am

    Another great liberal invention!

    Seriously, do you think this is the work of a Tea Partier? Didn’t think so.

    Liberals. Stealing other people’s money since 1860…

    • HisNameWasRobertPaulson
      Posted on August 10, 2011 at 5:51am

      You have no idea what you are talking about, do you?

    • nubl33t
      Posted on August 10, 2011 at 4:08pm

      tell us oh mighty one how did the founders want taxation… the teaparty way or the liberal way?
      oh do tell us mr-educated OUR FOUNDERS WOULD CONSIDER YOU TEAPARTY NUT JOBS ANTI FEDERALISTS ….. and would have hated the lot of you

  • Mysterynovus
    Posted on August 9, 2011 at 4:44pm

    Trying to steal someone’s credit card info? There’s an app for that.

  • Platonician
    Posted on August 9, 2011 at 2:50pm

    Criminals didn’t wait for that program. My sister went to France for holidays, she bought stuff at “legit” stores, in one of them a vendor took her card and asked her to wait because his device was defective. It took a couple of minutes. One month later my sister received a call from Visa informing her that someone was withdrawing large amounts of money using her card in France and in Algeria.

  • jihadazzkicker
    Posted on August 9, 2011 at 2:11pm

    Whatever…the device works great. If you are scanning a card make sure the customer signs for it right on your phone. There will always be people who will rob you, until we make the crime real jail time they will not stop.

  • Quattrofanatic
    Posted on August 9, 2011 at 1:01pm

    As a user of the device, it’s been a huge help for the type of work I do. The transaction fees are the same as some entry level merchant accounts, but without the monthly fees and minimums.

    For a small business that occasionally needs to take a credit card, this works wonderfully.

    It’s also good for splitting the bill at a restaurant!

    The owner has to link it to, and verify, their bank account for deposits to be made. I’m sure some will use it for evil, but what else is new in the world? I mean, credit card fraud was all the rage before this type of device came out.

  • Thighmaster
    Posted on August 9, 2011 at 9:49am

    I don’t think you need the dongle, you can just type in the cc information and process it. It’s only as secure as the person you hand your cc to. Machines don’t steal cc information, people steal cc information…

  • carabou
    Posted on August 9, 2011 at 9:24am

    Come on guys. I am an avid reader of the Blaze, but who has the axes to grind regarding Square. This company is great! Don’t get caught up in this propaganda. VeriFone, the competitor to Square, has begun to attack Square simply because they offer the same product. Below is a link to the shameless & baseless complaint VeriFone has

    (http://www.computerworld.com/s/article/9213924/VeriFone_seeks_recall_of_Square_credit_card_readers_)
    Square is a privately funded company that had a good idea. In fact many of you might not know the man that invented Square also invented something else we use every day… TWITTER!

    It’s almost like saying “well butterknives can kill people if they fall on them, so let’s ban the butterknife”

  • nysparkie
    Posted on August 9, 2011 at 8:47am

    I’m just too old for all of this. A money clip with my one 5 dollar bill and my 4 one dollar bills that Wifey lets me have. Back to cash only society and there would be no need for all this hacking crap. In a dark place just pull a gun and say “This is a stick-up! Gimme your money!”. So simple.

  • beebacksoon
    Posted on August 9, 2011 at 7:41am

    The Blaze prints how-to rip off the public now? It’s bad enough we hear step by steps on the lame-stream medias…don’t need that hear….just a synopsis will do.

    • beebacksoon
      Posted on August 9, 2011 at 7:45am

      sorry for mispelling…sh/be “here”, not “hear”.

    • beebacksoon
      Posted on August 9, 2011 at 7:46am

      okay…another “mispell”…sh/be misspell…i think i need to take a power nap.

  • bumpbs
    Posted on August 9, 2011 at 2:14am

    “Oh it’s nothing to worry about now… and traffic analysis would expose those kinds of transactions.”

    I am sorry but that sounds like the same load of crap they said when people first started to make transactions over the internet… how did that turn out?

    @ JB.KIBS

    No! They never look before they leap, and it seems they are always leaping out into oncoming traffic.

  • banjarmon
    Posted on August 9, 2011 at 12:55am

    I’ll be darn if I’ll let my card be swiped with that thing. I’ll do without whatever I was going to buy..

    • RaisingANewLeader
      Posted on August 9, 2011 at 8:09am

      They most likely don’t need to swipe your card with it. They built a program to emulate the sound your card would make if it were swiped. They would only need the numbers to get it to work. Any disgruntled server at a restaurant could make money on the side getting the data for an organization.

  • babylonvi
    Posted on August 9, 2011 at 12:14am

    Don’t let the card out of your possession….like your sidearm.

    • Elena2010
      Posted on August 9, 2011 at 12:23am

      And always, ALWAYS check your statement when it comes in. Report fraud immediately.

  • miren
    Posted on August 8, 2011 at 11:46pm

    Frightening!!!

  • The_Postal
    Posted on August 8, 2011 at 11:02pm

    Dare we say, “Mega” ditto’s?

  • Slobaphobe
    Posted on August 8, 2011 at 9:26pm

    Dongle Plugs. Isn’t he a WH Czar?

  • The-Monk
    Posted on August 8, 2011 at 8:26pm

    Oh, good grief…
